Options
GPO headache with loopback processing.
I am having a heck of a time with this, but I am trying to apply a locked down computer only to specific PCs that I have listed in the Security Filtering on a test GPO I have created.
Default GPO - User can access items on desktop
Test GPO - User is locked down and cannot access desktop.
Since I can only accomplish this with user configuration settings, I want to be able to have this only affect certain computer, otherwise their regular desktops will be locked out. I've Googled this everywhere, but this is not working. The policy is just not being applied.
I added the computer to a security group "Kiosk PC" and placed that group inside the Security Filtering option on the GPO so that it only applies to that group. I then enabled loop back processing to "Merge" or "Replace". I replicate across the DCs to be sure. But when I login, nothing is applied and the user has full access to the PC in "Kiosk PC" group that I specified in the Security Filtering.
However, as soon as I apply Authenticated Users, it works. But I don't want it to go into effect all the time, just on computers designated as Kiosks.
I've been working on this for three days... what am I missing?
Default GPO - User can access items on desktop
Test GPO - User is locked down and cannot access desktop.
Since I can only accomplish this with user configuration settings, I want to be able to have this only affect certain computer, otherwise their regular desktops will be locked out. I've Googled this everywhere, but this is not working. The policy is just not being applied.
I added the computer to a security group "Kiosk PC" and placed that group inside the Security Filtering option on the GPO so that it only applies to that group. I then enabled loop back processing to "Merge" or "Replace". I replicate across the DCs to be sure. But when I login, nothing is applied and the user has full access to the PC in "Kiosk PC" group that I specified in the Security Filtering.
However, as soon as I apply Authenticated Users, it works. But I don't want it to go into effect all the time, just on computers designated as Kiosks.
I've been working on this for three days... what am I missing?
Comments
-
Options
Essendon
Member Posts: 4,546 ■■■■■■■■■■
Restarted that computer? Computer policies need a restart. -
Options
ptilsen
Member Posts: 2,835 ■■■■■■■■■■
Indeed. Run gpupdate /force on the workstation and reboot. If the policy has replicated that should apply it. Additionally, run GPResult /H or RSOP.msc to determine if the policy settings are applying or are being overridden by another policy. -
OptionsZoomer
Member Posts: 126
Yep, I ran a gpupdate /force multiple times and that didn't work. Turns out there must have been an issue with the original GPO where it was not working. I created another one and just copied all the settings over and that worked only for the computer I specified in the security filtering. Thanks!
-
OptionsEssendon
Member Posts: 4,546 ■■■■■■■■■■
Good to hear you resolved it and thank you for telling everyone how you did it!